
How To Test For … ?

If you are not familiar with the concept of Information Leakage, we suggest that you review the article entitled “What is Information Leakage?”. Keep Your Eyes Open During Testing. In my experience, you don’t do much testing for Information […]

If you are not familiar with the concept of CSV Injection, we suggest that you review the article entitled “What is CSV Injection?”. For testing to be relevant, we assume you have a requirement to process an untrusted CSV […]

If you are not familiar with the concept of HTTP Strict Transport Security (HSTS), we suggest that you review the article entitled “What is HTTP Strict Transport Security?”. It is not uncommon for web-application vulnerability scanners to report a […]

If you are not already familiar with the concept of Server-Side Request Forgery (SSRF), we suggest that you review the article entitled “What Is Server-Side Request Forgery?”. Black-box testing for SSRF can be very difficult if you do not have insight into what […]

If you are not already familiar with the concept of Log Injection, we suggest that you review the article entitled “What Is Log Injection?”. You should consider testing for Log Injection in any circumstance where user-supplied input is written […]